Passwords are the most widespread form of authentication across platforms and systems. Still, companies and users often do not prioritize creating strong passwords and continue to opt for simple passwords that are very weak in the eyes of cybercrime professionals. Despite all the security warnings, at the top of the list of most hacked passwords of 2022, we find passwords such as:
The first one on the list is used in almost 5 million accounts, and, of the six mentioned, all of them can be compromised in less than a second, except for "guest," which takes ten seconds to crack. Generally speaking, this happens because users assume that they are not an attractive target for cybercriminals, and they are not aware that their credentials can also put their organization and the data it is trying to protect at risk.
Identity and credential protection as a priority
Despite the high adoption rate for MFA, businesses are still concerned about protecting identities as well as the credentials of their teams and, as a result, are looking to employ different strategies to secure them. They are aware that password security is an issue. This premise is supported by the Pulse survey, where 43% of executives state that secure authentication is critical to their organization. In response, companies use password security measures to ensure data protection, such as minimum complexity requirements, which are implemented by 79% of respondents, single sign-on (SSO) by 66%, regular password resets (65%) and staff security training (59%).
Traditional passwords are still widely used, by 59% of respondents. However, businesses also adopt other forms of authentication to access their systems and applications. The most commonly used is MFA/2FA (87%), although many companies still use traditional SMS (37%) as a method of authentication. Although it adds a layer of difficulty, the SMS approach is not recommended, as it has significant weaknesses: cybercriminals can circumvent it easily through SIM-swapping.
Organizations are aware of the benefits of adopting multi-factor authentication (MFA), and 83% state they are currently implementing this measure. Out of those IT managers who say they still need to apply MFA, 71% say they plan to do so in the next three months. When asked why they do not use this technology, 65% indicated that it is due to a lack of resources.
MFA: the secure authentication solution to achieve zero trust
Organizations are becoming more serious about using MFA as a proactive measure because of its acknowledged benefits. Of the IT managers surveyed, 55% have reported a 20% drop in security breaches.
Security Boulevard points out in an article that credential theft through simple hacking is still one of the easiest and most direct ways to breach an organization's security. Too many users rely on weak passwords to protect their accounts, and this is the most common security vulnerability. Moreover, they add that in 2019 weak passwords caused 30% of ransomware infections and continue to be a significant problem in corporate environments in 2022.
If you are looking to adopt a zero-trust security architecture, identity and data must be put at the center of the strategy, as the goal is to protect data and only grant access to specific, authorized identities. This is why MFA is mainly used to protect applications in the cloud (70%) and applications on devices (66%), or to log in to network devices such as firewalls and routers.
Solutions such as WatchGuard's AuthPoint offer companies robust and consistent protection across their network, as well as for their VPN connections or cloud applications. The application allows employees to access multiple applications and systems with single sign-on (SSO) to reduce the risk of security vulnerabilities from the use of weak passwords. Because it runs on the WatchGuard Cloud platform, it is available anywhere, removing the need to install software, schedule updates, or manage patches. This is particularly helpful for IT teams with limited staff and expertise, and it makes identity security equally accessible to businesses that do not have extensive resources.